Dave Dyer wrote: > 1) vnc should maintain it's own list, reserved for security flash > alerts only, and strongly encourage anyone who installs vnc > to sign up.
That is not such a bad idea but this security problem only happened once since I started using VNC(as far as I recall), and I started using VNC back when it was part of ATT. When you connected to the internet you are by definition not secure. It is funny how everyone expecting nothing bad to happen. > > 2) word should have been passed to norton, mcaffee, etc so they > could target vulnerable versions of vnc on behalf of their customers. > I don't know if this mechanism exists, but it ought to. This one is never going to happen for countless reasons. No company will make your box secure if you won't. IMHO, VNC people did all they could to fix the problem and post the update. It is up to the users to make sure they are up to date. If you do not like RealVNC security record you are always free to run any other software. There are really many choices you can make: 1. Run VPN with strong authentication and use your VNC over VPN. 2. Run ssh and tunnel over ssh, which is really equivalent to #1 3. Keep your VNC up to date if you insist on exposing it to the net. 4. Run any other software that you deem more secure. These are your choices. Regards, Alex _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
